From ebd008e7da6d622eab758fbed290b7430573e6ec Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Tue, 9 Jan 2024 12:16:46 +0100 Subject: Update README for the email-key-rotation-service-type --- README.org | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.org b/README.org index 98501b3..f8f2d20 100644 --- a/README.org +++ b/README.org @@ -74,6 +74,32 @@ configuration object with =sxml->configuration= in the port to read XML from. It defaults to the Guile current input port. +* Use the Guix =email-key-rotation-service-type= +The =guix= sub-directory of this repository holds the code to use +email-key-rotation as a Guix service. In order to instantiate the +=email-key-rotation-service-type=, you need a +== object, that you can create with +=make-email-key-rotation-configuration=. + +This function accepts one required argument, the name of the file +where the rotation state will be written. It also accepts more +optional keyword arguments: +- =selectors=: a list af strings, they are selectors that will be used + in turn to refer to DKIM keys; +- =opensmtpd-conf=: the name of a private opensmtpd configuration file + where SRS secrets are written; +- =selector-file=: the name of the file where the current DKIM + selector will be written; +- =key-file=: the name of the file where the current DKIM private key + will be written; +- =gandi-key-file=: the name of the file where your Gandi API key is + written; +- =gandi-domain=: your domain name on Gandi LiveDNS; +- =services-to-restart=: a list of strings, the Shepherd services that + need to be restarted when the keys are rotated. For instance, your + opensmtpd service, because the SRS secrets have changed, and your + DKIM proxy, because it must change its key and selector. + * About the code The code requires =guile-json=, and at run-time, the =openssl= binary. -- cgit v1.2.3
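Review bot: In the keyword-argument list of the new "Use the Guix =email-key-rotation-service-type=" section, three entries name files that hold secrets (=opensmtpd-conf= for the SRS secrets, =key-file= for the DKIM private key, =gandi-key-file= for the Gandi API key), but the text does not say who should own these files or what permissions they need. It also does not say whether the service creates them or expects them to exist. I suggest adding a sentence stating the expected owner and mode for each, and whether the rotation state file given as the required argument needs the same protection. The arguments are described as optional, but no default values are given, so a reader cannot tell what happens when =gandi-key-file= or =services-to-restart= is omitted. Two smaller points in the same hunk: "a list af strings" should read "a list of strings", and in "you need a == object" the type name is missing between the = markers.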